Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/83BHg9kzC6LyOtUS9rb3NKMZhts.roa
File: 83BHg9kzC6LyOtUS9rb3NKMZhts.roa (raw, json)
Hash identifier: I1ZdQu/PqR+nB9ao9pIIElw8G9qtlkGS+VKmuNClX6E=
Subject key identifier: F3:70:47:83:D9:33:0B:A2:F2:3A:D5:12:F6:B6:F7:34:A3:19:86:DB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4E77
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/83BHg9kzC6LyOtUS9rb3NKMZhts.roa
Signing time: Fri 03 May 2024 04:53:43 +0000
ROA not before: Fri 03 May 2024 04:53:43 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 36.0.64.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20087 (0x4e77)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 3 04:53:43 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F3704783D9330BA2F23AD512F6B6F734A31986DB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:50:10:c8:1d:11:7e:3d:cc:41:ea:5b:40:6a:
6a:38:72:f2:f8:2b:c3:6b:07:32:29:2a:e2:bf:31:
3b:4d:54:03:36:d3:cc:8b:cd:a4:c7:1c:76:25:8a:
cd:dd:8a:cc:d5:bc:2b:67:eb:02:91:e5:07:82:3f:
03:2e:21:f9:8b:b8:25:05:47:7d:64:5d:e8:6d:c3:
f6:ab:e6:51:97:ed:e3:a7:9a:ab:b5:9b:35:76:91:
2f:54:b0:00:6e:89:c4:f5:2f:24:1d:af:24:31:bd:
c6:e1:18:34:c0:50:b3:b5:06:a8:1d:a1:a5:17:d6:
f1:82:25:7c:a5:10:0c:7e:85:ec:8a:16:b0:64:df:
2e:05:78:e4:f4:e5:8a:b8:78:d7:42:56:e0:ff:43:
c5:db:b9:86:2b:85:37:39:4a:de:09:02:65:aa:3b:
7e:7f:aa:20:8d:00:5c:93:1e:41:98:f3:d2:20:7f:
03:8f:68:76:b7:15:88:27:61:02:74:11:cf:1f:ed:
8c:9b:9b:55:57:75:51:f5:9c:70:9b:1f:01:a8:d3:
ee:cb:bc:b2:bf:26:ed:c2:87:f7:3f:bd:97:a2:a7:
cf:84:87:83:ee:b4:9c:11:ea:29:54:52:6a:b3:47:
87:f1:be:ea:11:ec:e1:fe:bd:88:28:f8:1a:e9:1f:
5f:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:70:47:83:D9:33:0B:A2:F2:3A:D5:12:F6:B6:F7:34:A3:19:86:DB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/83BHg9kzC6LyOtUS9rb3NKMZhts.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
36.0.64.0/18
Signature Algorithm: sha256WithRSAEncryption
27:b5:df:ff:52:ff:45:fc:52:c2:4c:cb:43:eb:08:59:a3:e3:
bf:f4:d6:21:db:19:ee:be:00:b8:7c:a3:03:7d:e5:f1:2a:c8:
6a:b8:73:e4:a0:1d:6e:89:69:03:8b:27:9d:53:59:47:2d:77:
2b:4c:e3:ca:da:ed:79:b7:42:99:76:e7:a3:37:77:82:49:09:
44:c6:96:fc:3c:23:92:82:cd:7b:73:dc:f8:a8:bc:11:86:b0:
26:e1:8e:6d:32:96:e1:ae:2d:a9:ba:d1:31:ce:28:b1:ba:26:
12:37:4c:34:50:a0:cf:34:99:69:92:93:22:23:41:e8:f1:fd:
b3:14:30:2a:37:39:40:03:bc:d6:ec:0c:a3:21:ed:b6:42:6c:
0a:9c:65:fa:eb:e9:40:eb:79:e6:3b:2c:ca:48:b4:ae:50:8f:
a4:6c:ac:b3:a8:99:7c:fb:c5:53:70:7a:1f:e7:41:6a:82:f7:
ed:dd:1a:73:07:c7:6f:17:a2:e9:d2:8e:59:1e:72:8f:92:35:
a2:9c:c2:a4:d7:1a:84:ac:15:93:48:93:42:11:9a:ae:f1:a1:
87:cd:c3:47:0e:26:f8:3b:fd:1f:45:11:c3:8a:61:ae:77:6e:
62:29:a0:93:4d:5f:45:53:c0:53:42:de:0c:97:68:4a:75:66:
73:ac:d7:6f
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICTncwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDMw
NDUzNDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEYzNzA0NzgzRDkzMzBC
QTJGMjNBRDUxMkY2QjZGNzM0QTMxOTg2REIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMUBDIHRF+PcxB6ltAamo4cvL4K8NrBzIpKuK/MTtNVAM208yL
zaTHHHYlis3diszVvCtn6wKR5QeCPwMuIfmLuCUFR31kXehtw/ar5lGX7eOnmqu1
mzV2kS9UsABuicT1LyQdryQxvcbhGDTAULO1BqgdoaUX1vGCJXylEAx+heyKFrBk
3y4FeOT05Yq4eNdCVuD/Q8XbuYYrhTc5St4JAmWqO35/qiCNAFyTHkGY89IgfwOP
aHa3FYgnYQJ0Ec8f7Yybm1VXdVH1nHCbHwGo0+7LvLK/Ju3Ch/c/vZeip8+Eh4Pu
tJwR6ilUUmqzR4fxvuoR7OH+vYgo+BrpH18ZAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU83BHg9kzC6LyOtUS9rb3NKMZhtswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzgzQkhnOWt6QzZMeU90
VVM5cmIzTktNWmh0cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAYkAEAwDQYJKoZIhvcNAQELBQADggEBACe13/9S/0X8UsJMy0PrCFmj47/01iHb
Ge6+ALh8owN95fEqyGq4c+SgHW6JaQOLJ51TWUctdytM48ra7Xm3Qpl256M3d4JJ
CUTGlvw8I5KCzXtz3PiovBGGsCbhjm0yluGuLam60THOKLG6JhI3TDRQoM80mWmS
kyIjQejx/bMUMCo3OUADvNbsDKMh7bZCbAqcZfrr6UDreeY7LMpItK5Qj6RsrLOo
mXz7xVNweh/nQWqC9+3dGnMHx28XounSjlkeco+SNaKcwqTXGoSsFZNIk0IRmq7x
oYfNw0cOJvg7/R9FEcOKYa53bmIpoJNNX0VTwFNC3gyXaEp1ZnOs128=
-----END CERTIFICATE-----
Generated at Sat May 17 23:12:54 2025 by rpki-client